Hi Jacques, It is at 12.04 r1662960.

And Taher, as for which page, I am not sure. As I have mentioned, it was
reported by an end user, and he has informed us that when he accessed the site
he found himself logged in. The issue is on the production deployment and has
been reported by a couple of users only. It is not occurring for everyone. It
was not produced on the staging or development server.

BTW, the case -
Person A logs in to URL xyz, then clicks the logout button, then person B
enters the URL abc on the same computer and he is automatically logged in.
It is not possible, since it is confirmed that Person A & Person B are
living in different cities. They do not share a common computer, nor even a
network.


One thing that I should mention is that it is an upgrade deployment from 11 to
12, where ofbiz is at 12.04 r1662960 and ecommerce is customized to fix
upgrade issues.
We are connecting to the *same db* as exists for the production *env at 11.*


Following are the entries of controller.xml for the login & main pages:

<request-map uri="main">
        <response name="success" type="view" value="main" save-current-view="true"/>
</request-map>
<request-map uri="login">
        <event type="java" path="org.ofbiz.webapp.control.LoginWorker" invoke="login"/>
        <response name="success" type="view" value="home"/>
        <response name="error" type="view" value="login"/>
</request-map>



On Wed, Jul 29, 2015 at 10:51 PM, Taher Alkhateeb <
slidingfilame...@gmail.com> wrote:

> In addition to Jacques's question, what is the exact URL being accessed in
> the beginning?
>
> Also if possible, can you give us the exact steps to repeat? For example,
> Person A log in to URL xyz, then clicks the logout button, then person B
> enters the URL abc on the same computer and he is automatically logged in.
> It is important to see the "Exact URL" and exact steps and if possible also
> the controller.xml entry corresponding to this URL.
>
> Taher Alkhateeb
>
> ----- Original Message -----
>
> From: "Jacques Le Roux" <jacques.le.r...@les7arts.com>
> To: dev@ofbiz.apache.org
> Sent: Wednesday, 29 July, 2015 6:42:03 PM
> Subject: Re: Unauthorized user loggedin
>
> Which version are you using?
>
> Jacques
>
> Le 29/07/2015 17:23, Sumit Pandit a écrit :
> > Hi Taher, Appreciate your revert,
> >
> > Logs have already been analyzed; the logger is set to warning and nothing is
> > available there. It is like a normal user login with no error/warning
> > printed. For user's feedback reference, I have a screenshot which he had
> > shared showing my account of that user.
> > There is no customization done at framework level. The project is using
> > the default ecommerce login of OFBiz.
> >
> > The server is running on a Linux box with postgres DB.
> > Those are all the answers to your questions. I will provide more details at
> > your request.
> >
> >
> > On Wed, Jul 29, 2015 at 8:15 PM, Taher Alkhateeb <slidingfilame...@gmail.com> wrote:
> >> Hi Sumit,
> >>
> >> You're providing little information to go on with. Can you at least provide
> >> some server logs, the context in which this happened, users' feedback, the
> >> environment in which the system is running, which screen, customization
> >> done to the framework?
> >>
> >> Taher Alkhateeb
> >> On Jul 29, 2015 5:07 PM, "Sumit Pandit" <meetsumit...@gmail.com> wrote:
> >>
> >>> Hi All,
> >>> Recently, for one of the client's deployments, I am getting a serious
> >>> security issue -
> >>>
> >>> Some frontend customers have reported that when they logged in to the
> >>> site, it opened as logged in with a different user account. And they
> >>> were able to access "my account" of that user.
> >>>
> >>> I can confirm that
> >>> 1. There is no close network connection between the two customers (the
> >>> one who was accessing the site & the one whose account was opened).
> >>> 2. Both users have different usernames existing in the system.
> >>> 3. The account which was showing as logged in has not accessed the site
> >>> for a long time.
> >>>
> >>> This issue has been reported by many users and is causing serious problems.
> >>>
> >>> Can someone help me by giving any clue why it is happening? Any solution?
> >>>
> >>> --
> >>> Thanks and Regards
> >>> Sumit Pandit
> >>>
> >
> >
>
>


-- 
Thanks and Regards
Sumit Pandit
